Allow the graph to start w/out network

BUG: #241

If we've already enrolled the host, we don't need
network connectivity to get the tenant id and
authority host.

Signed-off-by: David Mulder <[email protected]>

Cargo.toml

@@ -38,7 +38,7 @@ tracing-subscriber = "^0.3.17"
 tracing = "^0.1.37"
 himmelblau_unix_common = { path = "src/common" }
 kanidm_unix_common = { path = "src/glue" }
-libhimmelblau = { version = "0.3.4" }
+libhimmelblau = { version = "0.3.5" }
 clap = { version = "^4.5", features = ["derive", "env"] }
 clap_complete = "^4.4.1"
 reqwest = { version = "^0.12.2", features = ["json"] }

src/common/src/config.rs

@@ -5,12 +5,12 @@ use std::path::PathBuf;
 use tracing::{debug, error};
 
 use crate::constants::{
-    BROKER_APP_ID, CN_NAME_MAPPING, DEFAULT_BROKER_SOCK_PATH, DEFAULT_CACHE_TIMEOUT,
-    DEFAULT_CONFIG_PATH, DEFAULT_CONN_TIMEOUT, DEFAULT_DB_PATH, DEFAULT_HELLO_ENABLED,
-    DEFAULT_HELLO_PIN_MIN_LEN, DEFAULT_HOME_ALIAS, DEFAULT_HOME_ATTR, DEFAULT_HOME_PREFIX,
-    DEFAULT_HSM_PIN_PATH, DEFAULT_ID_ATTR_MAP, DEFAULT_ODC_PROVIDER, DEFAULT_SELINUX,
-    DEFAULT_SFA_FALLBACK_ENABLED, DEFAULT_SHELL, DEFAULT_SOCK_PATH, DEFAULT_TASK_SOCK_PATH,
-    DEFAULT_USE_ETC_SKEL, SERVER_CONFIG_PATH,
+    BROKER_APP_ID, CN_NAME_MAPPING, DEFAULT_AUTHORITY_HOST, DEFAULT_BROKER_SOCK_PATH,
+    DEFAULT_CACHE_TIMEOUT, DEFAULT_CONFIG_PATH, DEFAULT_CONN_TIMEOUT, DEFAULT_DB_PATH,
+    DEFAULT_HELLO_ENABLED, DEFAULT_HELLO_PIN_MIN_LEN, DEFAULT_HOME_ALIAS, DEFAULT_HOME_ATTR,
+    DEFAULT_HOME_PREFIX, DEFAULT_HSM_PIN_PATH, DEFAULT_ID_ATTR_MAP, DEFAULT_ODC_PROVIDER,
+    DEFAULT_SELINUX, DEFAULT_SFA_FALLBACK_ENABLED, DEFAULT_SHELL, DEFAULT_SOCK_PATH,
+    DEFAULT_TASK_SOCK_PATH, DEFAULT_USE_ETC_SKEL, SERVER_CONFIG_PATH,
 };
 use crate::unix_config::{HomeAttr, HsmType};
 use idmap::DEFAULT_IDMAP_RANGE;
@@ -422,6 +422,20 @@ impl HimmelblauConfig {
             None => DEFAULT_HELLO_PIN_MIN_LEN,
         }
     }
+
+    pub fn get_authority_host(&self, domain: &str) -> String {
+        match self.config.get(domain, "authority_host") {
+            Some(val) => val,
+            None => {
+                debug!("authority_host unset, using defaults");
+                String::from(DEFAULT_AUTHORITY_HOST)
+            }
+        }
+    }
+
+    pub fn get_tenant_id(&self, domain: &str) -> Option<String> {
+        self.config.get(domain, "tenant_id")
+    }
 }
 
 impl fmt::Debug for HimmelblauConfig {

src/common/src/idprovider/himmelblau.rs

@@ -5,6 +5,7 @@ use super::interface::{
 use crate::config::split_username;
 use crate::config::HimmelblauConfig;
 use crate::config::IdAttr;
+use crate::constants::DEFAULT_GRAPH;
 use crate::db::KeyStoreTxn;
 use crate::idprovider::interface::tpm;
 use crate::unix_proto::PamAuthRequest;
@@ -92,9 +93,23 @@ impl HimmelblauMultiProvider {
             debug!("Adding provider for domain {}", domain);
             let range = cfg.get_idmap_range(&domain);
             let mut idmap_lk = idmap.write().await;
-            let graph = Graph::new(&cfg.get_odc_provider(&domain), &domain)
-                .await
-                .map_err(|e| anyhow!("{:?}", e))?;
+            let authority_host = cfg.get_authority_host(&domain);
+            let tenant_id = cfg.get_tenant_id(&domain);
+            let graph = match Graph::new(
+                &cfg.get_odc_provider(&domain),
+                &domain,
+                Some(&authority_host),
+                tenant_id.as_deref(),
+                Some(DEFAULT_GRAPH),
+            )
+            .await
+            {
+                Ok(graph) => graph,
+                Err(e) => {
+                    error!("Failed initializing provider: {:?}", e);
+                    continue;
+                }
+            };
             let authority_host = graph.authority_host();
             let tenant_id = graph.tenant_id();
             idmap_lk